Hardware

Embedded Linux Firewall Appliances?

NT Convert asks: "I'm looking for an embedded firewall solution for my home network - The smaller and cheaper the better. Does anyone out there know of any products, or work being done in this area? It seems a shame to throw a full-sized computer at something like this, especially when the full-sized computer could be used for something important, like Quake..."
This discussion has been archived. No new comments can be posted.

  • Check out Linux Router Project [linuxrouter.org].
  • Even better: this [linuxrouter.org].

    I [earthlink.net] found that [linuxrouter.org] using this [linuxrouter.org] search on http://www.linuxrouter.org/ [linuxrouter.org].

  • Check this out:

    http://www.moretonbay.com/MBWEB/product/nettel/nettel.htm

    They make an m68k Coldfire based router. It runs the port of the 2.0.38 kernel that supports chips with no MMU. I have seen hacked versions of the NETtel that even play MP3s. That Coldfire is one sweet chip. (and it has a cool name)

    I have played with the uCsimm... it is a pretty sweet piece of hardware. It has an ethernet controller, so you could turn it into a lame router no problem.

    http://www.uclinux.org
    or
    http://www.rt-control.com

    Just a thought...

    Ryan

  • by Anonymous Coward
    I've been looking at getting either the Netgear RT311 [netgear.com] or the Linksys BEFSR41 [linksys.com].
    They don't run Linux, but they're small, cheap, have some filtering, and can quietly run 24/7. Anybody have experience with these? Are there other boxes that qualify? For between $120 and $160 they seem like a good deal.
  • Have a look at floppyfw [zelow.no]
  • Look at www.dubbele.com [dubbele.com] for a free firewall project.
  • I concur with just about everyone here that the Linux Router Project (LRP) [linuxrouter.org] is a floppy solution that can run on even a lowly 386 CPU. You should be able to find such a system for $50, and not have to spend the $$$ you mentioned.

    Otherwise, if you really don't want to use a PC, I'd grab something like the SonicWall [sonicwall.com] SOHO/10 for around $400. As of last year, SonicWall's products were the only ICSA-certified firewalling products for under $4K. The SOHO/10 is a little 25MHz 68300-powered Coldfire running some RTOS (probably VxWorks). The SOHO/10 allows up to 10 nodes transparent access out, and even provides one-to-one NAT (private-to-public IP mapping) if you want to share out services, which you can filter, of course, by service.

    Just FYI, their high-end product, the SonicWall PRO, is powered by a 233MHz SA 110 StrongArm chip and features a myriad of VPN and encryption options built-in, along with a DMZ port. It lists for $2995, not bad for its capabilities. But I figure you're not looking to spend THAT much. ;->>>

    -- Bryan "TheBS" Smith

  • Does anyone have any more info on the Netgear RT311? I'd been looking at the Linksys but the Netgear looks to be about $50 cheaper. I just can't find anything that lists the number of ports. Even the PDF spec file on the page linked in the previous post doesn't say how many ports there are. I know the Linksys has 4 ports.
  • I use the Watchguard SOHO [watchguard.com]. It's a small, modem-sized box that runs a modified version of Linux with a web interface. The biggest drawback about this unit is its lack of rule configuration options (by default it allows everything out and nothing in), and you can only specify 5 or 6 port forwards for things like http, DNS, SMTP, etc.
  • Free
    Linux based
    Needs 386 with floppy (or HD) and 6 MB RAM.
    Menu driven
    Works with NIC/Modem or 2 NICs so you can use DSL, Cable, etc.
    Has caching name server
    Does DHCP
    http://www.linuxsupportline.com/~router/
  • when i'm not reading /.

    here check out filanet [filanet.com]. for those of you who may need a little encouragement to click on the link, our product will have these nifty features built in:

    • WAN (V90, SDSL, ISDN, cable)
    • Ethernet hub
    • Router
    • Firewall
    • VPN
    • NAT
    • HTTP (configuration/hosting/caching)
    • SMB
    • USB storage/printer/modem (this is what i'm working on)
    • 1394 storage

    as for the internals it is uClinux running on a ARM904TMI processor with 32MB RAM/ 8MB flash all in a box that's only 1U tall.

  • It seems to be working well so far, I've had it installed for a month or so. I paid USD$229 for it over the counter at a local retail store, so the 120-160 quote sounds like a good deal to me.

    I don't know enough to be able to comment on how secure the default configuration is, but it seems to do most of the things I've seen recommended, and it can be configured to do more if that's what you want. (It does most, but not all, of the routing checks recommended in the SANS article mentioned today on Slashdot.)

    It worked fine for me out of the box. I get an IP address from my DSL provider via DHCP, which the RT311 handles just fine. Configuration is pretty straightforward and decently documented, should you need or want to adjust the default config. Configuration can be done either via a serial connection or over the protected network using telnet or a provided Windows program. The Windows program doesn't find my RT311, so I use telnet to configure. That's been the only aspect of using the RT311 that didn't work fine for me.

    In answer to another poster, about the number of ports on the box, it has one port for connection to the wide world, and one port for connection to the protected network. It came with the proper cable (null-modem type thing, I forget what you call that in Ethernet cabling terms) for connection to the DSL box. I'm using a hub to share my DSL connection between multiple machines. I forget which way I had to set the switch on the hub before it connected properly to the RT311, but that's easy to figure out from the status lights.
  • I've actually used the Netgear RT328, which is an ISDN-based router. The only problems with it, as far as I was concerned, were that it only allowed a limited number of NAT translations, and it was port-based, so you could not map the same port to several machines. Other than that, the RT328 was a great little box.
  • you can probably save even more money with this:

    WebPal
    Go to linux-hacker [kenseglerdesigns.com] and on his BBS you will see a category called WebPal. This is a $69 ARM computer that hooks up to your television. Currently, we're trying to install Linux on it. It's very Linux-able and I'm sure I'll have it working in another week or two. I plan to use it as a file server, but it has much potential as a router/firewall too.

    --
  • Posted by 11223:

    Hehe - I'm just a giant karma sink. This is just great!!!!!!
